Penetration Testing mailing list archives

Re: Tool to find hidden web proxy server


From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 2 Sep 2004 17:04:05 -0700 (PDT)


Yo Jose!

On Thu, 2 Sep 2004, Jose Maria Lopez wrote:

> But if you allow in and out from specific ports you have at least a
> second level of security over what the original poster said it had.
> Only allowing out from some IPs is possible, but I find it very
> difficult to make rules for the outer IPs, having in mind the original
> poster wants to have internet connection from the LAN for those
> machines.

If you leave just ONE port open, then an insider can use it to tunnel
out.  That one port is often DNS/udp.  You have to work very, very
hard to filter out IP over DNS/udp.  You could force the use of
an internal DNS server, but if it allows any recursive lookups out
of the firewall then game over.

This /. describes how to do it:
        http://slashdot.org/articles/00/09/10/2230242.shtml

The insider does not even need an open port.  Only TCP/IP (proto 6) and
TCP/UDP (proto 17) use "ports".  The insider can just use a "portless"
protocol like TCP/ICMP (proto 1), TCP/ESP (proto 50), TCP/AH (proto 51),
etc.

There are several IPSEC stacks available as freeware that use TCP/ESP
and TCP/AH.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676
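
The two egress gaps raised in this message, checked from the defender's side; this is an added example, not part of the original post. It audits outbound flow records for IP protocols other than TCP (6) and UDP (17) and for DNS that bypasses the internal resolver, then scans the resolver's query log for clients sending many long, random-looking names under one zone. The record layouts, resolver address, thresholds and sample data are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

INTERNAL_RESOLVER = "10.0.0.53"  # assumed: the only host allowed to send DNS out
PORT_PROTOCOLS = {6, 17}         # TCP and UDP: the IP protocols that carry ports

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def audit_flows(flows):
    """flows: (src, dst, ip_proto, dst_port) records for traffic leaving the LAN."""
    findings = []
    for src, dst, proto, dport in flows:
        if proto not in PORT_PROTOCOLS:
            findings.append((src, f"portless IP protocol {proto} to {dst}"))
        elif dport == 53 and INTERNAL_RESOLVER not in (src, dst):
            findings.append((src, f"DNS bypassing internal resolver to {dst}"))
    return findings

def audit_queries(queries, min_unique=3, min_len=30, min_entropy=3.5):
    """queries: (client, qname) pairs from the internal resolver's query log."""
    seen = defaultdict(set)
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        zone = ".".join(labels[-2:])   # simplification: last two labels
        sub = "".join(labels[:-2])
        if len(sub) >= min_len and entropy(sub) >= min_entropy:
            seen[(client, zone)].add(sub)
    return sorted(key for key, subs in seen.items() if len(subs) >= min_unique)

# Constructed sample records (documentation address ranges, reserved TLDs).
FLOWS = [
    ("10.0.0.21", "198.51.100.7", 6, 443),
    ("10.0.0.21", "10.0.0.53", 17, 53),
    ("10.0.0.53", "192.0.2.1", 17, 53),      # resolver recursing outward
    ("10.0.0.34", "203.0.113.9", 17, 53),
    ("10.0.0.34", "203.0.113.9", 50, 0),     # ESP
    ("10.0.0.34", "203.0.113.9", 1, 0),      # ICMP
]
QUERIES = [
    ("10.0.0.21", "www.example.com"),
    ("10.0.0.21", "d3a9f1c07b2e4486a1f09c3de5b7a210.cdn.example"),
    ("10.0.0.34", "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.badzone.example"),
    ("10.0.0.34", "q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2.badzone.example"),
    ("10.0.0.34", "g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8.badzone.example"),
]

print(audit_flows(FLOWS) + audit_queries(QUERIES))
```

The single long name under cdn.example is not flagged because the query check requires several distinct names per client and zone; tune the thresholds against a baseline of normal resolver traffic.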




